tcpdump mailing list archives
Re: match by tcp sequence number?
From: "Jan C. Nordholz" <jckn () gmx net>
Date: Sun, 15 Jul 2007 01:47:53 +0200
Hi,
I'm trying to write a filter for a small pcap application. I need to match by the tcp sequence number, as I'm only interested in packets with sequence number 1. I know I can match by octet, using e.g. tcp[13] == ???, but the sequence field is 4 octets (32-bit). How can I match against this field?
tcp[4:4] should work. The manpage states that you can use expressions like
proto [ expr : size ]
in your match string. Regards, Jan - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- match by tcp sequence number? Mike Mohr (Jul 14)
- Re: match by tcp sequence number? Jan C. Nordholz (Jul 14)
- Re: match by tcp sequence number? Mike Mohr (Jul 16)
- Re: match by tcp sequence number? Jan C. Nordholz (Jul 14)